Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27.01.2019
Ran by bain (administrator) on BAIN-THINK (28-01-2019 18:40:37)
Running from C:\Users\bain\Desktop
Loaded Profiles: bain (Available Profiles: bain)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(LITE-ON TECHNOLOGY CORP.) C:\Program Files\Lenovo\Lenovo Slim USB Keyboard\Skd8821.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Lenovo) C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Memeo) C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
() C:\Program Files\Lenovo\Lenovo Slim USB Keyboard\Sks8821.exe
(LITEON) C:\Program Files\Lenovo\Lenovo Slim USB Keyboard\skdh8821.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\PowerMgr\SCHTASK.exe
(Lenovo) C:\Program Files (x86)\Lenovo\PowerMgr\PWMDBSVC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12343400 2012-01-10] (Realtek Semiconductor)
HKLM\...\Run: [Skd8821] => C:\Program Files\Lenovo\Lenovo Slim USB Keyboard\Skd8821.exe [384512 2011-03-22] (LITE-ON TECHNOLOGY CORP.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [261512 2019-01-05] (AVAST Software)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [Fastboot] => C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe [1091376 2012-01-17] (Lenovo)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67896 2018-06-23] (Apple Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Power Manager Startup Utility] => C:\Program Files (x86)\Lenovo\PowerMgr\DPMHost.exe [27392 2015-03-13] ()
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [261512 2019-01-05] (AVAST Software)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-1280489663-3106000304-1621100248-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
HKU\S-1-5-21-1280489663-3106000304-1621100248-1001\...\MountPoints2: {896ffd46-0638-11e3-92e6-806e6f6e6963} - Q:\LenovoQDrive.exe
HKLM\...\Drivers32-x32: [msacm.ulmp3acm] => C:\Program Files (x86)\Common Files\Ulead Systems\MPEG\ulmp3acm.acm [319488 2006-01-23] (Ulead systems)
HKLM\...\Drivers32-x32: [msacm.mpegacm] => C:\Program Files (x86)\Common Files\Ulead Systems\MPEG\mpegacm.acm [69632 2006-04-17] (Ulead Systems, Inc.)
HKLM\...\Drivers32-x32: [msacm.dvacm] => C:\Program Files (x86)\Common Files\Ulead Systems\vio\DVACM.acm [32768 2008-05-16] (Ulead Systems, Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\Installer\chrmstp.exe [2018-12-16] (Google Inc.)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{73FA19D0-2D75-11D2-995D-00C04F98BBC9}] ->
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.81\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
BootExecute: autocheck autochk * 곏睫
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.10.1
Tcpip\..\Interfaces\{35ADBC31-D93A-4AC7-B7F0-914C425B6D54}: [DhcpNameServer] 192.168.10.1
Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1280489663-3106000304-1621100248-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://us.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-1280489663-3106000304-1621100248-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com/
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1280489663-3106000304-1621100248-1001 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.)
BHO-x32: No Name -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> No File
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKU\S-1-5-21-1280489663-3106000304-1621100248-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler-x32: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll [2009-09-03] (Intuit, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll [2010-11-20] (Microsoft Corporation)
FireFox:
========
FF DefaultProfile: nyglby9s.default-1382812564234
FF ProfilePath: C:\Users\bain\AppData\Roaming\Mozilla\Firefox\Profiles\nyglby9s.default-1382812564234 [2018-12-16]
FF Homepage: Mozilla\Firefox\Profiles\nyglby9s.default-1382812564234 -> hxxps://www.yahoo.com/?fr=hp-avast&type=avastbcl
FF NewTab: Mozilla\Firefox\Profiles\nyglby9s.default-1382812564234 -> about:newtab
FF Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\bain\AppData\Roaming\Mozilla\Firefox\Profiles\nyglby9s.default-1382812564234\Extensions\sp@avast.com.xpi [2018-12-20]
FF Extension: (Avast Online Security) - C:\Users\bain\AppData\Roaming\Mozilla\Firefox\Profiles\nyglby9s.default-1382812564234\Extensions\wrc@avast.com.xpi [2018-11-25]
FF SearchPlugin: C:\Users\bain\AppData\Roaming\Mozilla\Firefox\Profiles\nyglby9s.default-1382812564234\searchplugins\yahoo-avast.xml [2017-05-09]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-10-25] [Legacy] [not signed]
FF HKU\S-1-5-21-1280489663-3106000304-1621100248-1001\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_27_0_0_130.dll [2017-09-17] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_130.dll [2017-09-17] ()
FF Plugin-x32: @Intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2011-12-01] (Intel Corporation)
FF Plugin-x32: @Intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2011-12-01] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] ( Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [2013-06-17] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1280489663-3106000304-1621100248-1001: intel.com/AppUp -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll [2013-03-25] (Intel)
FF Plugin HKU\S-1-5-21-1280489663-3106000304-1621100248-1001: intel.com/AppUpx64 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll [2013-03-25] (Intel)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\firefox.cfg [2013-10-26] <==== ATTENTION
Chrome:
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\bain\AppData\Local\Google\Chrome\User Data\Default [2019-01-27]
CHR Extension: (Docs) - C:\Users\bain\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-18]
CHR Extension: (Google Drive) - C:\Users\bain\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-22]
CHR Extension: (YouTube) - C:\Users\bain\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-22]
CHR Extension: (Google Search) - C:\Users\bain\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-13]
CHR Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\bain\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2018-12-20]
CHR Extension: (Google Docs Offline) - C:\Users\bain\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-11-15]
CHR Extension: (Avast Online Security) - C:\Users\bain\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-11-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\bain\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-05-21]
CHR Extension: (Gmail) - C:\Users\bain\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-22]
CHR Extension: (Chrome Media Router) - C:\Users\bain\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-12-20]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-07-05] (Apple Inc.)
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [7834368 2019-01-05] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [357816 2019-01-05] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [367728 2019-01-05] (AVAST Software)
R2 FastbootService; C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [169776 2012-01-17] (Lenovo)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2011-12-15] (Intel Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-06-17] (Nitro PDF Software)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2009-08-27] (Nuance Communications, Inc.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R3 Power Manager DBC Service; C:\Program Files (x86)\Lenovo\PowerMgr\PWMDBSVC.EXE [63744 2015-03-13] (Lenovo)
S3 PwmEWSvc; C:\Program Files (x86)\Lenovo\PowerMgr\PWMEWSVC.EXE [186624 2015-03-13] (Lenovo Group Limited)
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [24576 2009-09-03] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2009-07-23] (Intuit Inc.) [File not signed]
R2 Sks8821; C:\Program Files\Lenovo\Lenovo Slim USB Keyboard\Sks8821.exe [137216 2010-05-04] () [File not signed]
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [21536 2016-01-13] ()
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 avast; "C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe" /svc [X]
S3 avastm; "C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe" /medsvc [X]
S3 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [203488 2019-01-05] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [223056 2019-01-27] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [196264 2019-01-05] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswblog.sys [320888 2019-01-05] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [58160 2019-01-05] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46584 2019-01-05] (AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42488 2019-01-05] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [166792 2019-01-27] (AVAST Software)
R3 aswNetNd6; C:\Windows\System32\DRIVERS\aswNetNd6.sys [38152 2017-06-29] (AVAST Software)
R1 aswNetSec; C:\Windows\System32\drivers\aswNetSec.sys [512048 2019-01-05] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [111992 2019-01-05] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [88144 2019-01-05] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1034056 2019-01-05] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [474648 2019-01-05] (AVAST Software)
S2 aswStm; C:\Windows\System32\drivers\aswStm.sys [218056 2019-01-05] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [380144 2019-01-05] (AVAST Software)
S3 Fastboot; C:\Windows\System32\DRIVERS\Fastboot.sys [70416 2012-01-17] (Windows (R) Win 7 DDK provider)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [40248 2011-05-29] (Lenovo Information Product(ShenZhen China) Inc.)
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-01-28 18:40 - 2019-01-28 18:42 - 000020090 _____ C:\Users\bain\Desktop\FRST.txt
2019-01-28 18:40 - 2019-01-28 18:40 - 000000000 ____D C:\FRST
2019-01-28 18:39 - 2019-01-28 15:00 - 002428416 _____ (Farbar) C:\Users\bain\Desktop\FRST64.exe
2019-01-27 12:32 - 2019-01-27 12:32 - 000223056 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriver.sys
2019-01-27 12:19 - 2019-01-27 12:19 - 000000027 _____ C:\Users\bain\Desktop\fixhd.bat
2019-01-24 11:12 - 2019-01-25 17:24 - 000000000 ____D C:\Program Files\MyDefrag v4.3.1
2019-01-24 11:12 - 2019-01-24 11:12 - 000004114 _____ C:\Windows\System32\Tasks\MyDefrag v4.3.1 Monthly
2019-01-24 11:12 - 2019-01-24 11:12 - 000003434 _____ C:\Windows\System32\Tasks\MyDefrag v4.3.1 Daily
2019-01-24 11:12 - 2019-01-24 11:12 - 000000834 _____ C:\Users\Public\Desktop\MyDefrag.lnk
2019-01-24 11:12 - 2019-01-24 11:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyDefrag v4.3.1
2019-01-24 11:12 - 2010-05-21 12:11 - 001147392 _____ (J.C. Kessels) C:\Windows\system32\MyDefragScreenSaver_v4.3.1.exe
2019-01-24 11:12 - 2010-05-21 12:11 - 000485376 _____ (J.C. Kessels) C:\Windows\system32\MyDefragScreenSaver_v4.3.1.scr
2019-01-24 10:22 - 2019-01-24 09:57 - 002082630 _____ (J.C. Kessels ) C:\Users\bain\Desktop\MyDefrag-v4.3.1.exe
2019-01-24 10:22 - 2019-01-24 09:55 - 000448512 _____ (OldTimer Tools) C:\Users\bain\Desktop\TFC.exe
2019-01-22 11:43 - 2019-01-22 11:43 - 000000000 ____D C:\Users\bain\Documents\Lauras Documents
2019-01-09 10:19 - 2018-12-28 18:42 - 000396888 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2019-01-09 10:19 - 2018-12-28 17:52 - 000348760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2019-01-09 10:19 - 2018-12-28 15:03 - 000631680 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2019-01-09 10:19 - 2018-12-28 15:02 - 005552360 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2019-01-09 10:19 - 2018-12-28 15:02 - 001680616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2019-01-09 10:19 - 2018-12-28 15:02 - 000708328 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2019-01-09 10:19 - 2018-12-28 15:01 - 001664360 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2019-01-09 10:19 - 2018-12-28 14:59 - 001472512 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2019-01-09 10:19 - 2018-12-28 14:51 - 004055272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2019-01-09 10:19 - 2018-12-28 14:51 - 003960552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2019-01-09 10:19 - 2018-12-28 14:50 - 001314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2019-01-09 10:19 - 2018-12-27 19:01 - 025738240 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2019-01-09 10:19 - 2018-12-27 18:38 - 002902016 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2019-01-09 10:19 - 2018-12-27 18:25 - 020279808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2019-01-09 10:19 - 2018-12-27 18:25 - 000790016 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2019-01-09 10:19 - 2018-12-27 18:17 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2019-01-09 10:19 - 2018-12-27 18:02 - 002295808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2019-01-09 10:19 - 2018-12-27 17:48 - 015284224 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2019-01-09 10:19 - 2018-12-27 17:48 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2019-01-09 10:19 - 2018-12-27 17:45 - 002135552 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2019-01-09 10:19 - 2018-12-27 17:33 - 004860416 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2019-01-09 10:19 - 2018-12-27 17:29 - 013680640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2019-01-09 10:19 - 2018-12-27 17:29 - 002060288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2019-01-09 10:19 - 2018-12-27 17:29 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2019-01-09 10:19 - 2018-12-27 17:22 - 001555968 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2019-01-09 10:19 - 2018-12-27 17:11 - 004386816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2019-01-09 10:19 - 2018-12-27 17:07 - 001329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2019-01-09 10:19 - 2018-12-07 21:47 - 000088576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys
2019-01-09 10:19 - 2018-12-07 10:33 - 000352768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll
2019-01-09 10:18 - 2018-12-28 15:02 - 000262376 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2019-01-09 10:18 - 2018-12-28 15:02 - 000154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2019-01-09 10:18 - 2018-12-28 15:02 - 000095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2019-01-09 10:18 - 2018-12-28 14:59 - 001211904 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2019-01-09 10:18 - 2018-12-28 14:59 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2019-01-09 10:18 - 2018-12-28 14:59 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2019-01-09 10:18 - 2018-12-28 14:59 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2019-01-09 10:18 - 2018-12-28 14:59 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2019-01-09 10:18 - 2018-12-28 14:59 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2019-01-09 10:18 - 2018-12-28 14:59 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2019-01-09 10:18 - 2018-12-28 14:59 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2019-01-09 10:18 - 2018-12-28 14:59 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2019-01-09 10:18 - 2018-12-28 14:59 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2019-01-09 10:18 - 2018-12-28 14:59 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2019-01-09 10:18 - 2018-12-28 14:59 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2019-01-09 10:18 - 2018-12-28 14:59 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2019-01-09 10:18 - 2018-12-28 14:59 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2019-01-09 10:18 - 2018-12-28 14:59 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2019-01-09 10:18 - 2018-12-28 14:59 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2019-01-09 10:18 - 2018-12-28 14:59 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2019-01-09 10:18 - 2018-12-28 14:59 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2019-01-09 10:18 - 2018-12-28 14:59 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2019-01-09 10:18 - 2018-12-28 14:59 - 000094208 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2019-01-09 10:18 - 2018-12-28 14:59 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2019-01-09 10:18 - 2018-12-28 14:59 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2019-01-09 10:18 - 2018-12-28 14:59 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2019-01-09 10:18 - 2018-12-28 14:59 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2019-01-09 10:18 - 2018-12-28 14:59 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2019-01-09 10:18 - 2018-12-28 14:59 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2019-01-09 10:18 - 2018-12-28 14:59 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2019-01-09 10:18 - 2018-12-28 14:59 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2019-01-09 10:18 - 2018-12-28 14:59 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2019-01-09 10:18 - 2018-12-28 14:59 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2019-01-09 10:18 - 2018-12-28 14:59 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2019-01-09 10:18 - 2018-12-28 14:59 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2019-01-09 10:18 - 2018-12-28 14:59 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2019-01-09 10:18 - 2018-12-28 14:59 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2019-01-09 10:18 - 2018-12-28 14:59 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2019-01-09 10:18 - 2018-12-28 14:59 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2019-01-09 10:18 - 2018-12-28 14:59 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2019-01-09 10:18 - 2018-12-28 14:59 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2019-01-09 10:18 - 2018-12-28 14:59 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2019-01-09 10:18 - 2018-12-28 14:59 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2019-01-09 10:18 - 2018-12-28 14:59 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2019-01-09 10:18 - 2018-12-28 14:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2019-01-09 10:18 - 2018-12-28 14:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2019-01-09 10:18 - 2018-12-28 14:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2019-01-09 10:18 - 2018-12-28 14:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2019-01-09 10:18 - 2018-12-28 14:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2019-01-09 10:18 - 2018-12-28 14:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2019-01-09 10:18 - 2018-12-28 14:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2019-01-09 10:18 - 2018-12-28 14:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2019-01-09 10:18 - 2018-12-28 14:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2019-01-09 10:18 - 2018-12-28 14:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2019-01-09 10:18 - 2018-12-28 14:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2019-01-09 10:18 - 2018-12-28 14:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2019-01-09 10:18 - 2018-12-28 14:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2019-01-09 10:18 - 2018-12-28 14:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2019-01-09 10:18 - 2018-12-28 14:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2019-01-09 10:18 - 2018-12-28 14:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2019-01-09 10:18 - 2018-12-28 14:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2019-01-09 10:18 - 2018-12-28 14:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2019-01-09 10:18 - 2018-12-28 14:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2019-01-09 10:18 - 2018-12-28 14:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2019-01-09 10:18 - 2018-12-28 14:48 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2019-01-09 10:18 - 2018-12-28 14:48 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2019-01-09 10:18 - 2018-12-28 14:48 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2019-01-09 10:18 - 2018-12-28 14:48 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2019-01-09 10:18 - 2018-12-28 14:48 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2019-01-09 10:18 - 2018-12-28 14:48 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2019-01-09 10:18 - 2018-12-28 14:48 - 000275968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2019-01-09 10:18 - 2018-12-28 14:48 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2019-01-09 10:18 - 2018-12-28 14:48 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2019-01-09 10:18 - 2018-12-28 14:48 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2019-01-09 10:18 - 2018-12-28 14:48 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2019-01-09 10:18 - 2018-12-28 14:48 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2019-01-09 10:18 - 2018-12-28 14:48 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2019-01-09 10:18 - 2018-12-28 14:48 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2019-01-09 10:18 - 2018-12-28 14:48 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2019-01-09 10:18 - 2018-12-28 14:48 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2019-01-09 10:18 - 2018-12-28 14:48 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2019-01-09 10:18 - 2018-12-28 14:48 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2019-01-09 10:18 - 2018-12-28 14:48 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2019-01-09 10:18 - 2018-12-28 14:48 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2019-01-09 10:18 - 2018-12-28 14:48 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2019-01-09 10:18 - 2018-12-28 14:48 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2019-01-09 10:18 - 2018-12-28 14:48 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2019-01-09 10:18 - 2018-12-28 14:48 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2019-01-09 10:18 - 2018-12-28 14:48 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2019-01-09 10:18 - 2018-12-28 14:48 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2019-01-09 10:18 - 2018-12-28 14:48 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2019-01-09 10:18 - 2018-12-28 14:48 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2019-01-09 10:18 - 2018-12-28 14:48 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2019-01-09 10:18 - 2018-12-28 14:48 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2019-01-09 10:18 - 2018-12-28 14:48 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2019-01-09 10:18 - 2018-12-28 14:48 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2019-01-09 10:18 - 2018-12-28 14:48 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2019-01-09 10:18 - 2018-12-28 14:48 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2019-01-09 10:18 - 2018-12-28 14:48 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2019-01-09 10:18 - 2018-12-28 14:48 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2019-01-09 10:18 - 2018-12-28 14:48 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2019-01-09 10:18 - 2018-12-28 14:48 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2019-01-09 10:18 - 2018-12-28 14:48 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2019-01-09 10:18 - 2018-12-28 14:48 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2019-01-09 10:18 - 2018-12-28 14:48 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2019-01-09 10:18 - 2018-12-28 14:48 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2019-01-09 10:18 - 2018-12-28 14:48 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2019-01-09 10:18 - 2018-12-28 14:48 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2019-01-09 10:18 - 2018-12-28 14:48 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2019-01-09 10:18 - 2018-12-28 14:48 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2019-01-09 10:18 - 2018-12-28 14:48 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2019-01-09 10:18 - 2018-12-28 14:34 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2019-01-09 10:18 - 2018-12-28 14:34 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2019-01-09 10:18 - 2018-12-28 14:34 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2019-01-09 10:18 - 2018-12-28 14:34 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2019-01-09 10:18 - 2018-12-28 14:31 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2019-01-09 10:18 - 2018-12-28 14:31 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2019-01-09 10:18 - 2018-12-28 14:31 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2019-01-09 10:18 - 2018-12-28 14:30 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2019-01-09 10:18 - 2018-12-28 14:28 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2019-01-09 10:18 - 2018-12-28 14:28 - 000161280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2019-01-09 10:18 - 2018-12-28 14:28 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2019-01-09 10:18 - 2018-12-28 14:27 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2019-01-09 10:18 - 2018-12-28 14:27 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys
2019-01-09 10:18 - 2018-12-28 14:27 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
2019-01-09 10:18 - 2018-12-28 14:27 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
2019-01-09 10:18 - 2018-12-28 14:27 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys
2019-01-09 10:18 - 2018-12-28 14:27 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2019-01-09 10:18 - 2018-12-28 14:27 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2019-01-09 10:18 - 2018-12-28 14:27 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2019-01-09 10:18 - 2018-12-28 14:27 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2019-01-09 10:18 - 2018-12-28 14:27 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2019-01-09 10:18 - 2018-12-28 14:26 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2019-01-09 10:18 - 2018-12-28 14:26 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2019-01-09 10:18 - 2018-12-28 14:26 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2019-01-09 10:18 - 2018-12-28 14:26 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2019-01-09 10:18 - 2018-12-28 14:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2019-01-09 10:18 - 2018-12-27 18:50 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2019-01-09 10:18 - 2018-12-27 18:37 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2019-01-09 10:18 - 2018-12-27 18:36 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2019-01-09 10:18 - 2018-12-27 18:36 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2019-01-09 10:18 - 2018-12-27 18:36 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2019-01-09 10:18 - 2018-12-27 18:36 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2019-01-09 10:18 - 2018-12-27 18:31 - 005778944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2019-01-09 10:18 - 2018-12-27 18:29 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2019-01-09 10:18 - 2018-12-27 18:28 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2019-01-09 10:18 - 2018-12-27 18:26 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2019-01-09 10:18 - 2018-12-27 18:25 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2019-01-09 10:18 - 2018-12-27 18:25 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2019-01-09 10:18 - 2018-12-27 18:24 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2019-01-09 10:18 - 2018-12-27 18:17 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2019-01-09 10:18 - 2018-12-27 18:14 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2019-01-09 10:18 - 2018-12-27 18:07 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2019-01-09 10:18 - 2018-12-27 18:07 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2019-01-09 10:18 - 2018-12-27 18:06 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2019-01-09 10:18 - 2018-12-27 18:05 - 000498176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2019-01-09 10:18 - 2018-12-27 18:05 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2019-01-09 10:18 - 2018-12-27 18:04 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2019-01-09 10:18 - 2018-12-27 18:04 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2019-01-09 10:18 - 2018-12-27 18:03 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2019-01-09 10:18 - 2018-12-27 18:03 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2019-01-09 10:18 - 2018-12-27 18:03 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2019-01-09 10:18 - 2018-12-27 18:01 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2019-01-09 10:18 - 2018-12-27 17:59 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2019-01-09 10:18 - 2018-12-27 17:59 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2019-01-09 10:18 - 2018-12-27 17:58 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2019-01-09 10:18 - 2018-12-27 17:56 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2019-01-09 10:18 - 2018-12-27 17:55 - 000663040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2019-01-09 10:18 - 2018-12-27 17:55 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2019-01-09 10:18 - 2018-12-27 17:55 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2019-01-09 10:18 - 2018-12-27 17:50 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2019-01-09 10:18 - 2018-12-27 17:48 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2019-01-09 10:18 - 2018-12-27 17:47 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2019-01-09 10:18 - 2018-12-27 17:46 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2019-01-09 10:18 - 2018-12-27 17:43 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2019-01-09 10:18 - 2018-12-27 17:42 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2019-01-09 10:18 - 2018-12-27 17:42 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2019-01-09 10:18 - 2018-12-27 17:39 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2019-01-09 10:18 - 2018-12-27 17:39 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2019-01-09 10:18 - 2018-12-27 17:37 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2019-01-09 10:18 - 2018-12-27 17:36 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2019-01-09 10:18 - 2018-12-27 17:33 - 004494848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2019-01-09 10:18 - 2018-12-27 17:31 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2019-01-09 10:18 - 2018-12-27 17:28 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2019-01-09 10:18 - 2018-12-27 17:11 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2019-01-09 10:18 - 2018-12-27 17:06 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2019-01-09 10:18 - 2018-12-07 22:08 - 000095744 _____ (Microsoft Corporation) C:\Windows\system32\rascfg.dll
2019-01-09 10:18 - 2018-12-07 22:08 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\rasdiag.dll
2019-01-09 10:18 - 2018-12-07 22:08 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\ndptsp.tsp
2019-01-09 10:18 - 2018-12-07 22:08 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\kmddsp.tsp
2019-01-09 10:18 - 2018-12-07 22:08 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\rasmxs.dll
2019-01-09 10:18 - 2018-12-07 22:08 - 000029696 _____ (Microsoft Corporation) C:\Windows\system32\rasser.dll
2019-01-09 10:18 - 2018-12-07 21:56 - 000081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rascfg.dll
2019-01-09 10:18 - 2018-12-07 21:56 - 000061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasdiag.dll
2019-01-09 10:18 - 2018-12-07 21:56 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ndptsp.tsp
2019-01-09 10:18 - 2018-12-07 21:47 - 000058368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndproxy.sys
2019-01-09 10:18 - 2018-12-07 21:47 - 000024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndistapi.sys
2019-01-09 10:18 - 2018-12-07 21:41 - 000038912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kmddsp.tsp
2019-01-09 10:18 - 2018-12-07 21:41 - 000033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasmxs.dll
2019-01-09 10:18 - 2018-12-07 21:41 - 000022528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasser.dll
2019-01-09 10:17 - 2018-12-28 13:09 - 000419608 _____ C:\Windows\SysWOW64\locale.nls
2019-01-09 10:17 - 2018-12-28 13:09 - 000419608 _____ C:\Windows\system32\locale.nls
2019-01-09 10:17 - 2018-12-27 18:50 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2019-01-08 15:36 - 2019-01-08 15:36 - 000037782 _____ C:\Users\bain\Downloads\119 east club.pdf
2019-01-05 19:49 - 2019-01-05 19:48 - 000320888 _____ (AVAST Software) C:\Windows\system32\Drivers\aswblog.sys
2019-01-05 19:49 - 2019-01-05 19:48 - 000196264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsh.sys
2019-01-05 19:49 - 2019-01-05 19:48 - 000058160 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniv.sys
2019-01-05 19:48 - 2019-01-05 19:48 - 000361352 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2019-01-04 15:03 - 2019-01-04 15:03 - 000000393 _____ C:\Users\bain\Downloads\admhelper (2)
2019-01-04 15:02 - 2019-01-04 15:02 - 000000393 _____ C:\Users\bain\Downloads\admhelper (1)
2019-01-04 15:01 - 2019-01-04 15:01 - 000000393 _____ C:\Users\bain\Downloads\admhelper
2019-01-03 17:00 - 2019-01-03 17:00 - 000095383 _____ C:\Users\bain\Downloads\BAIN_90310.pdf
2019-01-03 16:50 - 2019-01-03 16:50 - 000095669 _____ C:\Users\bain\Downloads\BAIN_79463.pdf
2019-01-03 09:47 - 2019-01-03 09:47 - 000711803 _____ C:\Users\bain\Downloads\July 2019 Road Trip Schedule.pages
2019-01-03 09:44 - 2019-01-03 09:44 - 000701185 _____ C:\Users\bain\Downloads\June 2019 Road Trip Schedule (1).pages
2019-01-03 09:42 - 2019-01-03 09:42 - 000701185 _____ C:\Users\bain\Downloads\June 2019 Road Trip Schedule.pages
2019-01-03 09:41 - 2019-01-03 09:41 - 000518725 _____ C:\Users\bain\Downloads\IMG_20181229_0001 copy.pdf
2019-01-01 17:16 - 2019-01-01 17:16 - 000083043 _____ C:\Users\bain\Downloads\RedCardID.pdf
==================== One month (modified) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-01-28 18:42 - 2009-07-13 23:45 - 000034432 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-01-28 18:42 - 2009-07-13 23:45 - 000034432 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-01-28 18:41 - 2009-07-14 00:13 - 000781790 _____ C:\Windows\system32\PerfStringBackup.INI
2019-01-28 18:41 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2019-01-28 18:17 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-01-28 18:15 - 2014-12-23 12:17 - 000000000 ____D C:\Program Files\Microsoft Silverlight
2019-01-28 18:15 - 2014-12-23 12:17 - 000000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2019-01-27 19:36 - 2014-12-23 12:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2019-01-27 12:32 - 2013-10-25 16:14 - 000166792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2019-01-27 11:50 - 2018-10-19 20:38 - 000004168 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2019-01-27 10:16 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\rescache
2019-01-27 09:45 - 2013-10-27 16:07 - 000000000 ____D C:\Users\bain\Documents\Business Documents
2019-01-22 11:57 - 2013-10-26 13:13 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-01-22 11:52 - 2018-06-07 08:58 - 000000000 ____D C:\Users\bain\AppData\Local\AVAST Software
2019-01-22 11:52 - 2013-10-25 16:12 - 000000000 ____D C:\ProgramData\AVAST Software
2019-01-22 11:50 - 2015-08-15 14:42 - 000000000 ____D C:\Users\bain\AppData\Roaming\GlarySoft
2019-01-22 11:42 - 2017-09-29 16:38 - 000000969 _____ C:\Users\bain\Desktop\Scans.lnk
2019-01-10 13:02 - 2013-10-27 16:07 - 000000000 ____D C:\Users\bain\Documents\Med list
2019-01-10 09:21 - 2014-02-25 03:02 - 000773912 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2019-01-10 09:20 - 2013-10-25 15:01 - 000000000 ____D C:\Windows\system32\MRT
2019-01-10 08:55 - 2013-10-25 15:01 - 132790320 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2019-01-09 14:28 - 2014-01-04 12:58 - 000000000 ____D C:\Users\bain\AppData\Local\CrashDumps
2019-01-05 19:48 - 2018-10-19 20:37 - 000042488 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2019-01-05 19:48 - 2017-11-17 13:37 - 000203488 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2019-01-05 19:48 - 2016-09-08 11:51 - 000512048 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetSec.sys
2019-01-05 19:48 - 2014-04-23 15:24 - 000046584 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2019-01-05 19:48 - 2014-01-07 19:56 - 000218056 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2019-01-05 19:48 - 2013-10-25 16:14 - 001034056 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2019-01-05 19:48 - 2013-10-25 16:14 - 000474648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2019-01-05 19:48 - 2013-10-25 16:14 - 000380144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2019-01-05 19:48 - 2013-10-25 16:14 - 000111992 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2019-01-05 19:48 - 2013-10-25 16:14 - 000088144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\dllhost.exe => File is digitally signed
C:\Windows\SysWOW64\dllhost.exe => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2019-01-27 13:01
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27.01.2019
Ran by bain (28-01-2019 18:42:42)
Running from C:\Users\bain\Desktop
Windows 7 Professional Service Pack 1 (X64) (2013-10-25 05:59:39)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1280489663-3106000304-1621100248-500 - Administrator - Disabled)
bain (S-1-5-21-1280489663-3106000304-1621100248-1001 - Administrator - Enabled) => C:\Users\bain
Guest (S-1-5-21-1280489663-3106000304-1621100248-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1280489663-3106000304-1621100248-1002 - Limited - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: Avast Antivirus (Disabled) {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 27.0.0.124 - Adobe Systems Incorporated)
Adobe Flash Player 27 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 27.0.0.130 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.130 - Adobe Systems Incorporated)
Adobe Reader X (10.1.16) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
Amazon Music (HKU\S-1-5-21-1280489663-3106000304-1621100248-1001\...\Amazon Amazon Music) (Version: 3.6.0.671 - Amazon Services LLC)
Apple Application Support (32-bit) (HKLM-x32\...\{E5347310-C82F-4833-AA36-8D11E5A8A86A}) (Version: 6.6 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D745E014-74DD-43A3-98DF-E7D38164B681}) (Version: 6.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C29B636B-9015-4ED1-A12F-6375A337F23B}) (Version: 11.4.1.46 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Avast Premier (HKLM-x32\...\Avast Antivirus) (Version: 19.1.2360 - AVAST Software)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 71.0.3578.98 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
HP Officejet 6600 Basic Device Software (HKLM\...\{B407F586-D027-45C3-9109-CC2943E839FA}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 6600 Help (HKLM-x32\...\{2FA81482-5570-4CF0-9A10-D61D2F164916}) (Version: 140.0.2.2 - Hewlett Packard)
HPDiagnosticAlert (HKLM-x32\...\{B6465A32-8BE9-4B38-ADC5-4B4BDDC10B0D}) (Version: 1.00.0001 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iTunes (HKLM\...\{36F365B3-05C2-455D-9D96-B73829DE046D}) (Version: 12.8.0.150 - Apple Inc.)
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.07.0022 - Lenovo)
Linksys Connect (HKLM-x32\...\Linksys Connect) (Version: 1.5.13225.3 - Linksys LLC)
Metric Collection SDK (HKLM-x32\...\{DDAA788F-52E6-44EA-ADB8-92837B11BF26}) (Version: - )
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
MyDefrag v4.3.1 (HKLM\...\MyDefrag v4.3.1_is1) (Version: 4.0.0.0 - J.C. Kessels)
Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}_is1) (Version: 3.40.0001 - Lenovo Group Limited)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 1.12.0016 - Realtek)
Windows Driver Package - Intel Corporation (igfx) Display (03/19/2012 8.15.10.2696) (HKLM\...\6AF882A8E50505CE490495746E271C3F586F9110) (Version: 03/19/2012 8.15.10.2696 - Intel Corporation)
Windows Driver Package - Intel hdc (09/10/2010 9.2.0.1011) (HKLM\...\171901D8B4D5484C362A709BF264A50F065A14FB) (Version: 09/10/2010 9.2.0.1011 - Intel)
Windows Driver Package - Intel System (08/26/2011 9.3.0.1011) (HKLM\...\D8EF6CACF49BD33CC1FACD124C8CC2B1A8E8AE35) (Version: 08/26/2011 9.3.0.1011 - Intel)
Windows Driver Package - Intel System (09/10/2010 9.2.0.1011) (HKLM\...\0CDBDD444A1F5FFEA227B4E7DCE195F11F08240A) (Version: 09/10/2010 9.2.0.1011 - Intel)
Windows Driver Package - Intel System (11/20/2010 9.2.0.1016) (HKLM\...\43B5066463CEBC83E99586A67037B6F9FC4193FE) (Version: 11/20/2010 9.2.0.1016 - Intel)
Windows Driver Package - Intel USB (12/21/2010 9.2.0.1021) (HKLM\...\0DD5528A211904214F70A66DE6ADBD378B21566D) (Version: 12/21/2010 9.2.0.1021 - Intel)
Windows Driver Package - Realtek (RTL8167) Net (11/23/2011 7.050.1123.2011) (HKLM\...\93D0B653D730EB57C01C763D1BE4E63ABC9204F0) (Version: 11/23/2011 7.050.1123.2011 - Realtek)
Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (01/03/2012 6.0.1.6543) (HKLM\...\5DE3700033F94FCFD8726BE46A6727E460254CD5) (Version: 01/03/2012 6.0.1.6543 - Realtek Semiconductor Corp.)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1280489663-3106000304-1621100248-1001_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AC}\InprocServer32 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll (Intel)
CustomCLSID: HKU\S-1-5-21-1280489663-3106000304-1621100248-1001_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AD}\InprocServer32 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll (Intel)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-01-05] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-01-05] (AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-01-05] (AVAST Software)
ContextMenuHandlers1: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll -> No File
ContextMenuHandlers1: [NP8ShellExtension] -> {9C4B85B8-956C-49BF-9BA5-101384E562B2} => C:\Program Files\Common Files\Nitro\Pro\8.0\NPShellExtension64.dll [2013-06-17] (Nitro PDF)
ContextMenuHandlers2: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll -> No File
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-01-05] (AVAST Software)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2012-03-19] (Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-01-05] (AVAST Software)
ContextMenuHandlers6: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll -> No File
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0EE9B4CF-636A-4C9F-A2F6-4FCC9A7ED5A2} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2019-01-05] (AVAST Software)
Task: {1A480202-D656-4016-83A8-E801CD9D47D3} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2015-07-01] (Lenovo)
Task: {22A3D764-94AE-4BE1-9903-F02E9678C950} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-22] (Google Inc.)
Task: {2543F8A6-3718-4C88-BAF0-407388FFF27A} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {2A880493-2846-40BF-845A-9D1E8BAE6712} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {2B836916-8E13-4518-A150-13AABA691C37} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {344FED65-2709-4BC6-8A06-D8DC5DFEF82B} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {4941C38D-D4D7-41C1-9779-A0E21F7B0474} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2019-01-27] (AVAST Software)
Task: {545A69A8-BAFF-490D-B92C-D3B8B2A03619} - System32\Tasks\HP Officejet 6600.exe_{16F7A9F5-F49C-4FED-86CC-E3A1288C6D76} => C:\Program Files\HP\HP Officejet 6600\Bin\HP Officejet 6600.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {5CC63F8E-3141-4B60-B7A7-EB358B7CE89E} - System32\Tasks\MCP => C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe [2012-05-15] (Lenovo)
Task: {646A581B-01CD-42A3-A843-31540A69E8ED} - System32\Tasks\Intel\Intel Service Manager => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [2013-03-25] (Intel Corporation)
Task: {74E061A4-41B7-4575-A284-F4177B0B616C} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2015-08-17] (Lenovo)
Task: {8062835B-2134-44AA-A011-4D9AFBE98BF2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {81384AD7-C2D9-458B-BCC1-3D4803EAB3B9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-22] (Google Inc.)
Task: {86135385-6445-4F33-A990-753E30FD0C1D} - System32\Tasks\PMTask => C:\Program Files (x86)\Lenovo\PowerMgr\PwmIdTsv.exe [2015-03-13] (Lenovo Group Limited)
Task: {9BD8B37F-EE44-4E13-AF09-7D8EDF1D23D3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc.)
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {BE7ABD91-5FC9-4C02-BB79-182BEA9FC3C0} - System32\Tasks\MyDefrag v4.3.1 Monthly => C:\Program Files\MyDefrag v4.3.1\Scripts\AutomaticMonthly.MyD [2010-05-21] ()
Task: {CEDBB464-5A7C-40BC-A4E0-629FC490544D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-09-17] (Adobe Systems Incorporated)
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {DE1176A6-1BBD-4B3F-8205-F630EB993503} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2016-01-13] ()
Task: {E511B7F6-B2EE-4D99-B2BF-915A39D1FF9E} - System32\Tasks\Lenovo\Message Center Plus Launcher => C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe [2012-05-15] (Lenovo)
Task: {E935B5FF-F591-447A-A505-DD8E10B49FAF} - System32\Tasks\MyDefrag v4.3.1 Daily => C:\Program Files\MyDefrag v4.3.1\Scripts\AutomaticDaily.MyD [2010-05-21] ()
Task: {EB986760-5CAC-4163-9175-F7C6695C62EA} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {F3DE450D-AE9B-47A7-A571-4D3214174081} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
Task: {FB3ACE8D-C5C7-4B1E-8604-79DECF25E021} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => C:\Windows\system32\rundll32.exe C:\Windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\":
WMI:subscription\__EventFilter->BVTFilter:
WMI:subscription\CommandLineEventConsumer->BVTConsumer:
==================== Loaded Modules (Whitelisted) ==============
2019-01-05 19:48 - 2019-01-05 19:48 - 000667016 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2019-01-05 19:48 - 2019-01-05 19:48 - 000550792 _____ () C:\Program Files\AVAST Software\Avast\gui_cache.dll
2019-01-05 19:48 - 2019-01-05 19:48 - 001175944 _____ () C:\Program Files\AVAST Software\Avast\hns_tools.dll
2019-01-05 19:48 - 2019-01-05 19:48 - 001967496 _____ () C:\Program Files\AVAST Software\Avast\shepherdsync.dll
2019-01-28 18:20 - 2019-01-28 18:20 - 006943888 _____ () C:\Program Files\AVAST Software\Avast\defs\19012804\algo64.dll
2013-08-16 00:47 - 2012-03-19 02:09 - 000094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2018-06-23 05:56 - 2018-06-23 05:56 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2018-01-05 00:14 - 2018-01-05 00:14 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2019-01-05 19:48 - 2019-01-05 19:48 - 093695912 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2010-05-04 12:47 - 2010-05-04 12:47 - 000137216 _____ () C:\Program Files\Lenovo\Lenovo Slim USB Keyboard\Sks8821.exe
2014-07-25 07:04 - 2015-03-13 12:59 - 000035584 _____ () C:\Program Files (x86)\Lenovo\PowerMgr\US\PWMRT64V.DLL
2013-08-16 01:14 - 2012-01-17 01:29 - 000030512 ____N () C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBServiceps.dll
2019-01-24 10:49 - 2019-01-24 10:49 - 000172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\9dbf6981c68bdb12fac628d87a8a8c4c\IsdiInterop.ni.dll
2013-08-16 01:05 - 2012-02-01 18:25 - 000059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2013-08-16 01:03 - 2011-12-15 21:39 - 001198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Windows:nlsPreferences [386]
AlternateDataStreams: C:\ProgramData\TEMP:01C66DD9 [125]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 21:34 - 2019-01-04 10:44 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Common Files\Ulead Systems\MPEG;C:\SWTOOLS\ReadyApps;C:\Program Files (x86)\Common Files\Lenovo;C:\Program Files (x86)\Common Files\Intuit\QBPOSSDKRuntime
HKU\S-1-5-21-1280489663-3106000304-1621100248-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\bain\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.10.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
If an entry is included in the fixlist, it will be removed.
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Corporation)
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Corporation)
FirewallRules: [{555A8A56-24E7-450E-8DE5-BC32C173A9EE}] => (Allow) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe (Intel Corporation)
FirewallRules: [{13D7C40F-173B-4B89-89FD-6BA2FEB85F85}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
FirewallRules: [{3E4AB9D8-0C66-42DC-833A-914FC4CDBB4F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe (Hewlett-Packard Co.)
FirewallRules: [{232E9BD7-A4CF-4773-82EC-3215B09B6975}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe (Hewlett-Packard Co.)
FirewallRules: [{826BB4DF-0FE2-4582-8A94-7808A498CB4F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe (Hewlett-Packard Co.)
FirewallRules: [{5A1DD182-ACCD-432B-9DDE-491A9C559C37}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe (Hewlett-Packard Co.)
FirewallRules: [{332F3524-EE0C-42D1-8E95-45C80A10493E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe (Hewlett-Packard)
FirewallRules: [{2576673D-6909-44AE-AB99-CF39CFBCBC99}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe (Hewlett-Packard Co.)
FirewallRules: [{3FA64E5A-A310-407D-9DEC-FF166AEC57A0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe ()
FirewallRules: [{505D90B1-6A52-4428-9C3F-1B45727E6667}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe (Hewlett-Packard Co.)
FirewallRules: [{5FD7B699-4913-42C6-BD0D-1CB555324D42}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe (Hewlett-Packard Co.)
FirewallRules: [{92A2B93B-4D15-474B-88E7-92B747EA8F0B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqnrs08.exe (Hewlett-Packard Co.)
FirewallRules: [{5B24CB15-B977-4B8D-975E-2139125D8923}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe (Hewlett-Packard)
FirewallRules: [{347F0DDE-427A-4181-9392-1C481167E3B4}] => (Allow) C:\Program Files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe (Hewlett-Packard Development Co. L.P.)
FirewallRules: [{F95857B9-E04B-4396-8DAF-B1D61C86E726}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsudi.exe (Hewlett-Packard Development Co. L.P.)
FirewallRules: [{8C9F573B-819E-4B39-964F-7C384A6E00A5}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpsapp.exe (Hewlett-Packard Development Co. L.P.)
FirewallRules: [{9226A4D9-4399-4E3B-ACF0-45E447167B20}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe (Hewlett-Packard Co.)
FirewallRules: [{F0A9DA80-A38C-4B29-8A8B-5B3EA4FE71C1}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe (Hewlett-Packard Co.)
FirewallRules: [{D42E7B5A-05C6-41D6-B431-AF6C3A26E791}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpse.exe (Hewlett-Packard Development Co. L.P.)
FirewallRules: [{219C8AAD-9407-45D5-85A4-E9B26FF8BB83}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe (Hewlett-Packard Co.)
FirewallRules: [{5C0E1EC6-2D2D-42D8-9922-C797DEB3E686}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe (Hewlett-Packard)
FirewallRules: [{924CA5E1-05B0-4A48-9F97-5327532C02F8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe (Hewlett-Packard Co.)
FirewallRules: [{A7DF37D8-2504-49E7-8EC2-F3BAC0FCCEFE}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe (Hewlett-Packard Co.)
FirewallRules: [{5B6B9B91-14F6-40B4-BD90-72ABE191AFC5}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe (Hewlett-Packard)
FirewallRules: [{74A5A2F3-59D0-4331-BC89-3F9E7FCF6D00}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe (Hewlett-Packard Co.)
FirewallRules: [{8831E861-1C0C-4AF8-8619-A7BCDDFED894}] => (Allow) C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe (Axentra Corporation)
FirewallRules: [{FEF2829B-F87B-43D0-AF05-2801E571B9FC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe No File
FirewallRules: [{6A22AD80-AC4C-4690-ACE1-F13C05A3D106}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe No File
FirewallRules: [{E2C09C38-DC60-4F32-B9BE-280A23A61545}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe No File
FirewallRules: [{A05CE2A7-4730-427C-963F-353747523227}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe No File
FirewallRules: [{20908360-FB2E-4D39-AC75-CFBB99598A1B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe No File
FirewallRules: [{BFDA0EA9-FCAF-4638-82B8-83D3F6E4DFBB}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe ()
FirewallRules: [{B4890D2F-5D92-4AF3-8010-C8F23542DF4C}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe ()
FirewallRules: [{2899299D-9FF4-4593-9F16-75FE0301B9A3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
FirewallRules: [{36356731-4581-4B1C-8E3C-E38F72E4EC08}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
FirewallRules: [{C24B2E2F-2194-462B-AC72-B63BF6B7AC9B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc.)
FirewallRules: [{3072FFC4-C3AC-43E3-A50C-05FDB3B2E0D5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc.)
FirewallRules: [{A655F36A-633E-4991-8487-3FF02D85A8DB}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
FirewallRules: [{58E72EAF-F0B4-483D-9367-DF2B565F2902}] => (Allow) C:\Program Files\HP\HP Officejet 6600\bin\FaxApplications.exe (Hewlett-Packard Co.)
FirewallRules: [{192C48B1-97EA-420F-BDFA-82C68F3F2A8F}] => (Allow) C:\Program Files\HP\HP Officejet 6600\bin\DigitalWizards.exe (Hewlett-Packard Co.)
FirewallRules: [{D06B21AD-F42A-4974-A547-1C0C34467B17}] => (Allow) C:\Program Files\HP\HP Officejet 6600\bin\SendAFax.exe (Hewlett-Packard Co.)
FirewallRules: [{5661AA43-7D0E-4F0B-9BB4-799CC204E07C}] => (Allow) C:\Program Files\HP\HP Officejet 6600\Bin\DeviceSetup.exe (Hewlett-Packard Co.)
FirewallRules: [{5B59C40F-2767-4AB4-A27B-3B940CC45271}] => (Allow) C:\Program Files\HP\HP Officejet 6600\Bin\HPNetworkCommunicator.exe (Hewlett-Packard Co.)
FirewallRules: [{349A6806-CBA1-4910-9224-6F1F14E11A52}] => (Allow) C:\Program Files\HP\HP Officejet 6600\Bin\HPNetworkCommunicatorCom.exe (Hewlett-Packard Co.)
FirewallRules: [{5AFE2E41-8E21-43C6-8614-232B2B8B6DA4}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc.)
FirewallRules: [{D8F5739C-A55A-4EE2-BE89-E197B305AA2F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
FirewallRules: [{978D0FB6-6740-4CB7-B8A5-117115CB3338}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software)
FirewallRules: [{D95127E1-0811-433D-B125-0C05CB003414}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software)
==================== Restore Points =========================
15-11-2018 11:05:27 Windows Update
16-11-2018 11:22:13 Windows Update
23-11-2018 16:19:42 Scheduled Checkpoint
04-12-2018 19:20:53 Scheduled Checkpoint
15-12-2018 14:29:58 Windows Update
16-12-2018 03:00:54 Windows Update
16-12-2018 16:49:07 Windows Update
29-12-2018 16:17:19 Scheduled Checkpoint
30-12-2018 03:00:34 Windows Update
08-01-2019 10:11:02 Scheduled Checkpoint
10-01-2019 08:48:47 Windows Update
22-01-2019 11:55:28 Removed HP Officejet 6600 Product Improvement Study
22-01-2019 14:43:35 Windows Update
27-01-2019 19:35:02 Windows Update
==================== Faulty Device Manager Devices =============
Name: VBoxAsw Support Driver
Description: VBoxAsw Support Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: VBoxAswDrv
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears. Remove the device, and this error should be resolved.
==================== Event log errors: =========================
Application errors:
==================
Error: (01/28/2019 06:18:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (01/27/2019 12:25:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (01/25/2019 05:22:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 428208
Error: (01/25/2019 05:22:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 428208
Error: (01/25/2019 05:22:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (01/25/2019 04:42:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (01/24/2019 10:14:36 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (01/24/2019 10:01:31 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
System errors:
=============
Error: (01/28/2019 06:26:12 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Intel(R) Management and Security Application User Notification Service service hung on starting.
Error: (01/28/2019 06:24:06 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.
Error: (01/28/2019 06:21:15 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.
Error: (01/28/2019 06:20:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The %1!s! Update Service (avast) service failed to start due to the following error:
The system cannot find the file specified.
Error: (01/28/2019 06:18:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The VBoxAsw Support Driver service failed to start due to the following error:
The system cannot find the file specified.
Error: (01/27/2019 07:36:36 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Remote Access Connection Manager service depends on the Secure Socket Tunneling Protocol Service service which failed to start because of the following error:
The service did not start due to a logon failure.
Error: (01/27/2019 07:36:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Telephony service failed to start due to the following error:
The service did not start due to a logon failure.
Error: (01/27/2019 07:36:36 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The TapiSrv service was unable to log on as NT AUTHORITY\NetworkService with the currently configured password due to the following error:
The request is not supported.
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i3-3220 CPU @ 3.30GHz
Percentage of memory in use: 47%
Total physical RAM: 3917.78 MB
Available physical RAM: 2059.48 MB
Total Virtual: 7833.7 MB
Available Virtual: 5912.61 MB
==================== Drives ================================
Drive c: (Windows7_OS) (Fixed) (Total:452.55 GB) (Free:191.13 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (LEXAR) (Removable) (Total:14.9 GB) (Free:4.52 GB) FAT32
Drive q: (Lenovo_Recovery) (Fixed) (Total:11.74 GB) (Free:1.79 GB) NTFS
\\?\Volume{896ffd44-0638-11e3-92e6-806e6f6e6963}\ (SYSTEM_DRV) (Fixed) (Total:1.46 GB) (Free:0.8 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: C0B726CE)
Partition 1: (Active) - (Size=1.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=452.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.7 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 14.9 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=14.9 GB) - (Type=0C)
==================== End of Addition.txt ============================